Evernote uses cookies to enable the Evernote service and to improve your experience with us. To learn more, check out our cookie policy. By clicking OK or continuing to use our site, you agree that we can place these cookies.

Security Updates

Evernote makes products that are the go-to apps for millions of people worldwide accomplishing their most important work. It's important to us that your experience be both private and secure. We proactively test our products for security issues and regularly squash bugs that could create vulnerabilities in our apps.

Here you'll find a list of the most recent security bugs that we've fixed. We'll update this page anytime we release an app that has a security update. (Note: Reporting began on March 1st, 2015. Fixes released prior to this date do not appear.)

To stay up-to-date with security patches, check back here or in our app release notes.

Fixed an issue in versions 6.4 - 6.7 where the app would send authentication tokens over HTTP when contacting certain portions of the Evernote Service. The vulnerability did not affect note content, usernames, or passwords and those continued to be securely encrypted in transit.